Latest CVE Feed

  1. Home
  2. Vulnerabilities
  3. Latest
Following is the list of latest published vulnerabilities. You can filter the list based on the severity of the vulnerability, whether it is actively exploited (also known as CISA KEV List) or remotely exploitable. You can also sort the list based on the published date, last updated date, or CVSS score.
Latest Critical Actively Exploited Remotely Exploitable
Published Last Updated CVSS Score

  • 3.2

    LOW
    CVE-2014-6590

    Unspecified vulnerability in the Oracle VM VirtualBox component in Oracle Virtualization VirtualBox before 4.3.20 allows local users to affect integrity and availability via vectors related to VMSVGA virtual graphics device, a different vulnerability than... Read more

    Affected Products : opensuse vm_virtualbox
    • Published: Jan. 21, 2015
    • Modified: Apr. 12, 2025

  • 3.1

    LOW
    CVE-2019-2449

    Vulnerability in the Java SE component of Oracle Java SE (subcomponent: Deployment). The supported version that is affected is Java SE: 8u192. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to... Read more

    • Published: Jan. 16, 2019
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2020-23587

    A vulnerability found in the OPTILINK OP-XT71000N Hardware Version: V2.2 , Firmware Version: OP_V3.3.1-191028 allows an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack to men in the middle attack by adding New Routes... Read more

    Affected Products : op-xt71000n_firmware op-xt71000n
    • Published: Nov. 23, 2022
    • Modified: Apr. 25, 2025

  • 3.1

    LOW
    CVE-2024-22047

    A race condition exists in Audited 4.0.0 to 5.3.3 that can result in an authenticated user to cause audit log entries to be attributed to another user. ... Read more

    Affected Products : audited
    • Published: Jan. 04, 2024
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2024-21848

    Improper Access Control in Mattermost Server versions 8.1.x before 8.1.11 allows an attacker that is in a channel with an active call to keep participating in the call even if they are removed from the channel ... Read more

    Affected Products : mattermost_server mattermost
    • Published: Apr. 05, 2024
    • Modified: Dec. 13, 2024

  • 3.1

    LOW
    CVE-2020-15005

    In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user cou... Read more

    Affected Products : fedora debian_linux mediawiki
    • Published: Jun. 24, 2020
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2019-15126

    An issue was discovered on Broadcom Wi-Fi client devices. Specifically timed and handcrafted traffic can cause internal errors (related to state transitions) in a WLAN device that lead to improper layer 2 Wi-Fi encryption with a consequent possibility of ... Read more

    • Published: Feb. 05, 2020
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2023-34414

    The error page for sites with invalid TLS certificates was missing the activation-delay Firefox uses to protect prompts and permission dialogs from attacks that exploit human response time delays. If a malicious page elicited user clicks in precise locati... Read more

    Affected Products : firefox firefox_esr thunderbird
    • Published: Jun. 19, 2023
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2022-4923

    Inappropriate implementation in Omnibox in Google Chrome prior to 99.0.4844.51 allowed an attacker in a privileged network position to perform a man-in-the-middle attack via malicious network traffic. (Chromium security severity: Low)... Read more

    Affected Products : chrome
    • Published: Jul. 29, 2023
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2025-32816

    CodeLit CourseLit before 0.57.5 allows Parameter Tampering via a payment plan associated with the wrong entity.... Read more

    Affected Products :
    • Published: Apr. 11, 2025
    • Modified: Apr. 11, 2025
    • Vuln Type: Authentication

  • 3.1

    LOW
    CVE-2017-15352

    Huawei OceanStor 2800 V3, V300R003C00, V300R003C20, OceanStor 5300 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5500 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5600 V3, V300R003C00, V300R003C10, V300R003C20, OceanStor 5800 V3, V300R003C0... Read more

    • Published: Feb. 15, 2018
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2024-2032

    A race condition vulnerability exists in zenml-io/zenml versions up to and including 0.55.3, which allows for the creation of multiple users with the same username when requests are sent in parallel. This issue was fixed in version 0.55.5. The vulnerabili... Read more

    Affected Products : zenml
    • Published: Jun. 06, 2024
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2023-4658

    An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the `Allowed to merge... Read more

    Affected Products : gitlab
    • Published: Dec. 01, 2023
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2023-5600

    An issue has been discovered in GitLab EE affecting all versions starting from 16.0 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. Arbitrary access to the titles of an private specific referenc... Read more

    Affected Products : gitlab
    • Published: Jun. 20, 2025
    • Modified: Aug. 12, 2025
    • Vuln Type: Information Disclosure

  • 3.1

    LOW
    CVE-2018-8864

    In ATI Systems Emergency Mass Notification Systems (HPSS16, HPSS32, MHPSS, and ALERT4000) devices, a missing encryption of sensitive data vulnerability caused by specially crafted malicious radio transmissions may allow an attacker to remotely trigger fal... Read more

    • Published: May. 25, 2018
    • Modified: Nov. 21, 2024

  • 3.1

    LOW
    CVE-2023-42119

    Exim dnsdb Out-Of-Bounds Read Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Exim. Authentication is not required to exploit this vulnerability. Th... Read more

    Affected Products : exim
    • Published: May. 03, 2024
    • Modified: Aug. 07, 2025

  • 3.1

    LOW
    CVE-2025-30197

    Jenkins Zoho QEngine Plugin 1.0.29.vfa_cc23396502 and earlier does not mask the QEngine API Key form field, increasing the potential for attackers to observe and capture it.... Read more

    Affected Products :
    • Published: Mar. 19, 2025
    • Modified: Mar. 21, 2025
    • Vuln Type: Information Disclosure

  • 3.1

    LOW
    CVE-2024-21251

    Vulnerability in the Java VM component of Oracle Database Server. Supported versions that are affected are 19.3-19.24, 21.3-21.15 and 23.4-23.5. Difficult to exploit vulnerability allows low privileged attacker having Create Session, Create Procedure pr... Read more

    Affected Products : database_server database_-_java_vm
    • Published: Oct. 15, 2024
    • Modified: Oct. 31, 2024

  • 3.1

    LOW
    CVE-2025-6527

    A vulnerability, which was classified as problematic, was found in 70mai M300 up to 20250611. Affected is an unknown function of the component Web Server. The manipulation leads to improper access controls. The attack can only be initiated within the loca... Read more

    Affected Products :
    • Published: Jun. 23, 2025
    • Modified: Jun. 26, 2025
    • Vuln Type: Authorization

  • 3.1

    LOW
    CVE-2025-23415

    An insufficient verification of data authenticity vulnerability exists in BIG-IP APM Access Policy endpoint inspection that may allow an attacker to bypass endpoint inspection checks for VPN connection initiated thru BIG-IP APM browser network access VPN ... Read more

    Affected Products : big-ip_access_policy_manager
    • Published: Feb. 05, 2025
    • Modified: Feb. 05, 2025
    • Vuln Type: Authentication
Showing 20 of 293412 Results